websecurity@lists.webappsec.org

The Web Security Mailing List


Expression Language Injection

Stefano Di Paola
Mon, Sep 12, 2011 10:55 AM

Guys,
someone may be interested in this Spring MVC-related paper
(CVE-2011-2730), "Expression Language Injection":
http://blog.mindedsecurity.com/2011/09/expression-language-injection.html

Vulnerable app and server-side examples:
http://68.169.49.40:18080/ELInjection/demo.htm

Client-side PoC example:
http://www.wisec.it/spring/springopt.html

Official fix/statement from SpringSource:
http://www.springsource.com/security/cve-2011-

Cheers,
Stefano

PS: sorry for the cross-post :)

--
...oOOo...oOOo....
Stefano Di Paola
Software & Security Engineer

Owasp Italy R&D Director

Web: www.wisec.it
Twitter: http://twitter.com/WisecWisec
Work: http://www.mindedsecurity.com
Blog: http://blog.mindedsecurity.com
..................